2. Information is managed

2. Information is managed

Information should be stored, protected and exploited according to its value. This requires consideration of the whole lifecycle of the information from identification of need, creation, use, reuse and ultimately disposition once the information has ceased to be useful from an operational point of view. 

A range of best practices need to be in place to ensure appropriate availability, continued integrity, avoidance of loss and continuity across technology changes. It is particularly important that information containing personal data is adequately protected. 

The organisational culture must support best practice in information management and make sure that everyone responsible for processing business assets is appropriately skilled. 

Putting it into practice

Creating an environment in which information can be managed, protected and exploited, whilst ensuring legal and regulatory compliance and information security is maintained, can be done through:

1. Establishing a framework for managing information through the different stages of its lifecycle. Policies and procedures are in place to help staff understand this framework; these include, but are not limited to:

• Information sharing
• Information and records management policy
• Records retention and disposal schedule
• Digital continuity policy

2.   Providing technological assistance to automate or semi-automate the information  management lifecycle for electronic information, this can be achieved through using approved systems for storing information instead of network drives. If the approved system does not have the functionality available this should be sought as part of system improvements or upgrades.